Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

unknown DNS server

Status
Not open for further replies.
vbportal

vbportal

Technical User
Nov 7, 2002
53
0
0
HR
Hi,
A few weeks ago my PC had a virus, so I'm now more careful and cautious when I see something strange happening around my firewall.

I was wondering if someone could help with the following:
My ISP (1&1 in Germany) has 2 DNS server addresses. I have allowed both of them in my firewall BUT when I checked which are the DNS servers (via ipconfig /all in XPHome), I see one of the ISP DNS server addresses (194.25.2.129) and a Telekom DNS server address 212.185.249.84

The firewall is showing messages such as:
'Generic Host Process for Win32 Services' from your computer wants to send UDP datagram to [212.185.249.84], port 53


'Generic Host Process for Win32 Services' from your computer wants to send UDP datagram to 212.185.249.84, port 53
c:\windows\system32\svchost.exe

I'd like to know why the Telekom IP address shows up/is it some virus etc - any leads ?

Best regards,Vjeko
 
Sort by date Sort by votes
It's set up as a primary or secondary DNS server in the networking settings for the connection.

Each operating system is differant as to how you check it, so if you tell me which os you're using, I can explain how to change it, but what you basically have to do is:

1. Go into "Network and Dial Up Connections"
2. Go into the properties of your internet connection
3. Go to the networking tab
4. Go into the properties for TCP/IP
5. Change the primary and secondary DNS servers to the 1&1 DNS servers.

 
Upvote 0 Downvote
Also verify that your hosts file hasn't been hijacked. This is getting to be quite common.
c:/windows/system32/drivers/etc/ ->the file called hosts. Open it with notepad and look for any references to that IP. Delete them if they're there.

 
Upvote 0 Downvote
Hi,
I checked what you guys indicated but still have no clue
whether this DNS address is OK/why it is there:
The USB DSL modem softare sets the DNS server setting to "automatic", so I cannot set the actual DNS server address.

As for the hosts and other files, they are OK - no sign of this DNS address there.

I searched through the registry and found the DNS address in 2 places:
TypedURLs/url22

and in Interfaces /{long number....}/Name Server
(here I found both DNS addresses as given by ipconfig/all.

Where does the DNS server address given by ipconfig/all come from/can it be something generated by virus/worm etc or is it generally valid i.e. it is OK to allow it through my firewall ?

BR,Vjeko
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zebad
  • Locked
  • Question
TFTP interference from another host (Windows Server , VxWorks Client)
Replies
0
Views
155
Zebad
Zebad
sologeek
  • Locked
  • Question
VPN server help
Replies
0
Views
114
sologeek
sologeek
TheDugsBaws
  • Locked
  • Question
DNS/VPN/IP Addressing
Replies
0
Views
42
TheDugsBaws
TheDugsBaws
EricFowler
  • Locked
  • Question
snmpget always returning 'Unknown Object Identifier"
Replies
0
Views
55
EricFowler
EricFowler
Kevinillingw
  • Locked
  • Question
DHCP Router or Server
Replies
0
Views
46
Kevinillingw
Kevinillingw

Part and Inventory Search

Sponsor

Back
Top